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Apparatus and method for conveying private information within a 
group communication system DT01 Rec>d PC jkV: ZOuBjMf 

Technical field of the invention 

The present invention relates to an apparatus and method for conveying private in- 
formation within an established group communication. More in detail, the invention 
relates to communication between two parties within an established IP-multicast 
group where the group involves more than two participants. 

Background of the invention 

Media information can be distributed within a eommnnieating group of users by 
means of so-eaUed IP-multicast transmission. This multicast transmission technique 
relies on the principle that the information is transmitted to a multicast group and 
further copied in the network to participating parties who require a copy of the m- 
formation. 

Public information in a network of the above kind is attributed within the group of 
users by IP-multicast in the form of streamed media. However, there may be a need 
for disttibution of information of particular interest to only a sub-part of parttcipat- 
ing users, and to distribute private messages exclusively wititin that sub-part of the 
participating group. According to prior art technology, in such a case a special 
communication channel is established between the sub-group members in parallel 
with the public multicast communication channel. However, network constraints, 
such as firewalls or other access limiting security arrangements may impede or even 
preclude transmission of non-multicast communication from reaching the intended 
recipient. This is a drawback associated with prior art, which limits the deployment 
of applications for group communication. Today, the trend in society is that meas- 
ures are taken in the direction of enhanced security, and tire security consciousness 
among users and network administrators has increased. Therefore the need for an 
arrangement enabling communication, while simultaneously respecting network 
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constraints and limitations, such as firewalls and other security measures, has be- 
come even greater than before. 



Summary of the invention 

< lt is therefore an object of represent invention to alleviate the previously men- 
toed shortcomings of prior art associated with group commutation service. 
This is accomplished by an apparatus and method for distribution of a steamed sig- 
nal within a group of users in a computer network, the users accessing client termi- 
nals for participation* a multicast session, tire apparatus comprising, 

connecting links adapted to connect tire client terminals ofusers and 
related equipment, such as capturing means, to tire multicast session, preferably via 
the Internet or other interconnecting network, 

an extension header being added to data packets of the streamed signal, 
me extensionheader comprising identification data relating to tire intended recipient 

of a packet, 
characterised in that 

a filtering means associated with the receiving chent is adapted to filter 
outdatapacketscomprismgidentificationdammmeextensionheaderidentifymg 

the recipient and receiving the streamed signal. ; 

Only one copy of tiie information is transmitted from the sender independentiy of 
theamomrtofreceivers.Wititinammticastgmup.aspmviouslydescnheitiiem 
niaybeaneedforu^ntittmgprivateorconfidentialinformationexclusivety 
within onlyasubpartoftiie group, usuatiy tansmission one to one. By means ,ot 

tial information which is distributed accessible to only intended recipients. Tins 
could he critical information not to be disclosed ho all parties in a business negotia- 
tion, keys and solutions to problems during an electronic educational meehng, m*, 

affairs or political relations, etc. 
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The present invention, which provides a solution to the mentioned distention and 
confidentiality problem is advantageous in many ways. The previous need for estab- 
lishing a dedicated unicast connection in parallel with the existing multicast connec- 
tion is no longer necessary. Communication of non-public interest, possibly of pri- 
vate or sensitive nature, may be executed during apublic session. The advantage of 
the invention is henee the ability to reuse the existing communications channel 
while maintaining the confidentiality if this is desirable. 

Due to network constraints it is desirable to send also this information using D>- 
multicast even tough it will reach non-interested receivers. These network con- 
straints include for example firewalls and other corresponding security arrange- 
ments where the receiver might only have IP-multicast access or only access to a 
portal, i.e. a so-called reflector. 

Brief description of the drawings 

The features, objects, and further advantages of this invention will become apparent 
by reading this description in conjunction with the accompanying drawings, m 
which like reference numerals refer to like elements and in which: 

Fig 1 illushates a schematic overview of the apparatus for distribution of a streamed 
signal within a group of users according to the present invention. 

Fig 2 is a signalling chart representing the content of a header added to distributed 
data packets according to the present invention. 



Detailed description 



The following description is of the best mode presently contemplated for practismg 
the invention. The description is not to be taken in a limiting sense, but is made 
merely forthe purpose of describing the general principles of the invention. The 
scope of the invention should be ascertained with reference to the issued claims. 



AMENDED SHEET 



PGf /SE MM /O 0 1 0 3 0 
I 1 3 -08- 2004 



According to the present invention, the Internet is used as a means for distribution 
of streamed media. Use of the Internet is the optimal solution as long as it provides 
a reliable connection having sufficient transmission rates, without network conges- 
tion problems. The invention does not lead to undesired overload within the com- 
puter networks with unnecessary amounts of raw data, and the raw data can be com- 
pressed to require even less transmission capacity. The amount of data distributed 
through the network is reduced, since the data stream sent as a copy from one client 
terminal to other associated client terminals can be compressed, as a result of which 
the total amount of data transmitted over the network is reduced. 

The implementation of the invention is based on addition of a special header to pri- 
vate packets being part of transmitted information in a network. The packets iden- 
tify the receivers and these packets are filtered on the receiving side of the distribu- 
tion channel, although every participating member in a communication group actu- 
ally receives the identifiable data. This is implemented in practice using a special 
header extension which is available in the Real-time Transport Protocol standard for 
identifying that header extensions actually exist in the packet. 

The invention is not limited to any particular type of data but is applicable for any 
type of information transmitted, such as for audio, video, chat, etc. 

With reference to Fig 1, a schematic overview illustrates the apparatus for distribu- 
tion of a streamed signal within a group of users in a computer network. A plurality 
of client terminals 10, 20, 30, 40 connected to a distributing globally connected 
computer network, such as the Internet via connecting links 12, 22, 32, 42. The con- 
necting lines may be various wired connections, but likely for use already today or 
at least in a near future are also wireless transmission technologies, such as access 
technology based on infrared, Bluetooth or wireless-LAN. Connection means used 
in association with the present invention will be developing with new and emerging 
access technologies. To each host is coupled image capturing means 16, 26, 36, 46, 
preferably a so-called web-camera, a digital camera or a digital video camera. 



AMENDED SHEET 



PCT/SE 2003 /0 0 1 0 3 0 
£ 5 9 13 -OS- WW 

Moreover, audio capturing means 18, 28, 38, 48, in the form of amicrophone ar- 
rangement is connected to each client terminal as well as filtering means 14, 24, 34, 
44. 

The client terminals themselves arrange the distribution of the data stream to other . 
multicast group members. This is an autonomous function between client terrmnals 
as soon as the participants in a group are defined and authorised. There may be ar- 
ranged a central administration entity, preferably in the form of aportal handling 
accessibility of users willing to participate in a multicast group of users. Necessary , 
identification, authentication and authorisation of users to a group is earned out by 
means of the central administration entity, i.e. the portal interfacing between the en- 
tity and users, but a detailed description of those steps clearly goes beyond the scope 
of this appUcation and is therefore omitted here. 

With particular reference to Fig 2, parts of the previously mentioned Real-time 
Transfer Protocol (RTF) is depicted. The protocol comprises a part of the header 
called the extension bit When this bit is determined, the normal RTP header is fol- 
lowed by a new RTP header extension having a content of at least 4 bytes of data. 
This new extension header is placed between the RTP header and the RTP payload, 
which contains the actual content to be distributed, sueh as for example the video 
stream of a multicast session. 

The extension name is set to a common identifier, identifying this extension as a fil- 
ler destination. In accordance with a preferred embodiment of the invention, the fil- 
ter destination header is identified by the bytes numbered 77 and 65 . The "length- 
field is the total length of the header extension including the first 4 bytes. Reference 
is here made to the RTP specification IETF RFC1889 (request for comments) where 
the first 4 bytes are defined "v" which is found far left in Fig 2 defines two bits 
primarily intended for making changes possible within the header extension. "X" 
denotes an unused field in the header, "cmd" is a command that allows alternative 
use of the header extension. The reason for this possible alternative use is that a 
stream can only contain one RTP header extension per packet if it is to conform 
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with the RTP specification. In this case the command cmd is set to 0. "dest number" 
is the number of destinations in this particular packet, which may be any number re- 
lating to the size of the sub-group of intended recipients, "real payload" is the type 
of data being sent in this packet. The real RTP header contains a payload type field 
and just as the case of other applications, and it is not intended to be possible to de- 
code the data by leaving out the extension header. This extension header is origi- 
nally set to the original value of 127. This number denotes, in accordance with the 
mentioned RTP specification, "unspecified" and then includes the real payload type. 
This will lead to applications that do not interpret this header extension to dispose of 
the packet. ID1, ID2, ... are the unique identifiers for the intended destination, i.e. 
who the intended recipient of this packet is^ 

Realisation of the addition of an extension header to a data packet can be carried out 
in accordance with the following embodiment. The sender is sending data to every- 
body in the group, the group by way of example comprising three users. There users 
are userl (id=10), user2 (id=20) and user3 (id=30). For any reason, the sender of 
data may be interested in sending a data packet to only "userl" and "user3". This is 
denoted a private audio conversation, or a so-called whisper within the group com- 
munication. The new packet is composed with the header extension bit set to 1 and 
header extension is added after the RTP header as previously described with refer-^ 
ence to Fig 2. This extension header will comprise "dest nummer" = 2 and "ID1" - 
10 and "ID2" = 30. Subsequently a packet is sent to the whole group and is received 
by all three users (userl , user2 and user3). The second user, i.e. user2 will also re- 
ceive this packet and decode the extension header but will not find itself in the des- 
tinations list and it will therefore dispose of the packet. 

However, the other users, i.e. userl and user3, will decode the extension header, 
find themselves in the destination list and handle the data according to the payload 
type denned in the "real payload" type field. 

In accordance with the present invention, software is developed in parallel with the 
apparatus for distribution of signals. The software resides in a memory associated 
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with said apparatus. The software is designed for instructing the hardware to carry 
out sequential method steps previously described in this application. 
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Claims 

1. Apparatus for distribution of a streamed signal within a group of users in a com- 
puter network, the users accessing client terminals (10, 20, 30, 40) for participa- 
tion in a multicast session, the apparatus comprising, 

connecting links (12, 22, 32, 42) adapted to connect the client terminals 
of users and related equipment, such as capturing means (16, 26. . .; 18, 28. . .), to 
the multicast session, preferably via the Internet or other interconnecting net- 
work, 

an extension header being added to data packets of the streamed signal, 
the extension header comprising identification data relating to the intended re- 
cipient of a packet, 
characterised in that 

a filtering means (14, 24, 34, 44) associated with the receiving client is 
adapted to filter out data packets comprising identification data in the extension 
header identifying the recipient and receiving the streamed signal. 

2. Apparatus for distribution of a streamed signal according to claim 1, character- 
ised in that 

the transmitted signal is encoded by the sending client terminal and de- 
coded by the intended recipient only at the receiving client terminal by means of 
a separately provided decryption key. 

3 . Method for distributing a streamed signal via the Internet or other interconnect- 
ing network within a group of users in a computer network, the users accessing 
client terminals (10, 20, 30, 40) for participation in a multicast session, the 
method comprising the steps of, 

adding an extension header to data packets of the streamed signal, the 
extension header identifying the intended recipient of a packet, 
characterised by 

filtering out data packets comprising identification data in the extension 
header identifying the recipient and allowing them to pass through a filtering 



AMENDED SHEET 



PCT/SE 200^OJ)J^q 

4 # 

means (14, 24, 34, 44), which is associated with the receiving client 

4. Computer program product for distributing a streamed signal within a group of 
users in a computer network, the computer program product being integrated and 
5 transmissible between comprised units according to claims 1-2, and the com- 

puter program product being adapted for carrying out the method steps of claim 
3. 
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